Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Powered by MOMENTUM MEDIA
Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Explore

SECTIONS

MORE

search button

Ethical hackers protected by Belgian cyber watchdog

Belgium has made moves to protect ethical hackers, with a new framework that is the first of its kind in the EU.

user icon Daniel Croft
Thu, 16 Feb 2023 Culture
Ethical hackers protected by Belgian cyber watchdog
expand image

Ethical hacking, also known as white hat hacking, refers to cases where hackers breach an organisation’s security and access data, purely for the intention of identifying vulnerabilities, and then relaying them to the targeted organisation in an effort to help it better secure its data.

These hackers are often employees or contractors of the targeted business. A hacker must legally have the permission of the business to breach its network.

The new framework, which is run by the Centre for Cyber Security Belgium (CCB), entails a vulnerability reporting system, which provided that they meet specific criteria, protects white hat hackers from prosecution.

============
============

Laid out in the CCB vulnerability disclosure policy (VDP), ethical hackers must meet the following criteria:

  • Hackers must notify the owner of the vulnerable system as soon as possible.
  • Hackers must submit a vulnerability report to the CCB ASAP, however no earlier than notifying the owner of the vulnerable system.
    • Hackers are not required to inform the CCB if the organisation already has a VDP. They will still be required to inform the CCB if there are difficulties or businesses without a VDP are affected.
  • Hackers must act without malicious or fraudulent intent.
  • Hackers must only work in a necessary and proportionate manner.
    • Most VDPs state that brute force attacks, social engineering, and phishing are unnecessary and disproportionate.
  • Hackers must never make information acquired during ethical hacking available to the public without the approval of the CCB.

The full criteria details can be found on the CCB website.

While Belgium is not the first country in the EU to provide ethical hackers with forms of protection, the new CCB framework is the closest to providing all-inclusive safeguards.

Other countries such as Lithuania only provide protection in regards to critical infrastructure, while France and Slovakia do not provide “full legal protection”, according to CCB legal officer Valéry Vander Geeten in an interview with The Daily Swig.

The US Department of Justice announced last year that White Hat hackers would be protected from prosecution, rewinding a decision made in 2014 that changed the Computer Fraud and Abuse Act (CFAA) that blanket outlawed "any conduct that victimizes computer systems".

Cyber Daily logo
VIEW ALL

In Australia, while there is no specific framework or body to protect white hat hackers from prosecution, there are a number of specific conditions in legislation that allow for ethical hackers to operate.

The Computer Misuse and Cybercrime Act 2001 (Cth) for instance, makes it illegal to modify a network or system without permission. However, in the case of ethical hacking, there is an exception for individuals to gain unauthorised access for testing purposes, provided they have the owner’s permission.

Furthermore, the NSW government announced last year that it was looking to introduce changes to criminal legislation to promote and protect white hat hacking.

According to CyberWire, as of November, the state government is working on establishing a cyber security vulnerability disclosure policy.

“The vulnerability disclosure policy will provide clear expectations for all NSW government agencies and the public about how the government will handle reports of identified vulnerabilities,” said a spokesperson from Cyber Security NSW.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.
CD Logo

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED

Be the first to hear the latest developments in the cyber industry.

Copyright © 2007-2024 MOMENTUMMEDIA
Copyright & DisclaimersPrivacy PolicyTerms & Conditions
momentummedia media
most innovative companies awards

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

CATEGORIES

STAY CONNECTED

Copyright © 2024 MOMENTUMMEDIA